forked from envoyproxy/envoy
current.yaml
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: http2
  change: |
    Sets runtime guard ``envoy.reloadable_features.http2_use_oghttp2`` to true by default.
- area: dfp
  change: |
    Setting :ref:`dns_query_timeout
    <envoy_v3_api_field_extensions.common.dynamic_forward_proxy.v3.DnsCacheConfig.dns_query_timeout>`
    to 0 will disable the Envoy DNS query timeout and use the underlying DNS implementation timeout.
- area: ext_proc
  change: |
    When :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`
    headers/trailers modes have the value ``DEFAULT`` (unset), no change will be made to the processing
    mode set in the filter configuration.
- area: ext_proc
  change: |
    Ignore the ``request_header_mode`` field of :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`
    when comparing the ``mode_override`` against ``allowed_override_modes``, as a request header mode override is not applicable.
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: dfp
  change: |
    Fixes a bug when loading a DNS cache entry with an empty authority/host header. This fix can be reverted by setting
    runtime guard ``envoy.reloadable_features.dfp_fail_on_empty_host_header`` to ``false``.
- area: router
  change: |
    Fixed query parameter matcher to properly implement
    :ref:`present_match <envoy_v3_api_field_config.route.v3.QueryParameterMatcher.present_match>`. Previously, the
    matcher would incorrectly handle ``present_match`` configurations by treating them as default present checks. This
    behavior can be temporarily reverted by setting runtime feature
    ``envoy_reloadable_features_enable_new_query_param_present_match_behavior`` to ``false``.
- area: tcp_proxy
  change: |
    Fixes a bug that occurs when TCP is tunneled over HTTP and the upstream connection is closed before the stream
    receives response headers. The fix is to run the retry logic in a different event loop iteration to allow cleanup
    of the closed connection before retrying.
    This fix can be reverted by setting runtime guard ``envoy.reloadable_features.tcp_proxy_retry_on_different_event_loop`` to ``false``.
- area: oauth2
  change: |
    Fixed OAuth2 credential injector to send scope (if specified) to the authorization server when requesting a new access
    token using the ``client_credentials`` flow.
- area: original_src filter
  change: |
    Set the ``IP_BIND_ADDRESS_NO_PORT`` socket option in the original_src filter to prevent port exhaustion caused by the
    kernel prematurely reserving ephemeral ports. This behavior change can be reverted by setting runtime guard
    ``envoy.reloadable_features.original_src_fix_port_exhaustion`` to ``false``.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: http
  change: |
    Removed runtime guard ``envoy.reloadable_features.consistent_header_validation`` and legacy code paths.
- area: http
  change: |
    Removed runtime guard ``envoy.reloadable_features.sanitize_http2_headers_without_nghttp2`` and legacy code paths.
- area: access_log
  change: |
    Removed runtime guard ``envoy.reloadable_features.upstream_remote_address_use_connection`` and legacy code paths.
- area: xds
  change: |
    Removed runtime guard ``envoy.reloadable_features.xdstp_path_avoid_colon_encoding`` and legacy code paths.
- area: thread_local
  change: |
    Removed runtime guard ``envoy.reloadable_features.allow_slot_destroy_on_worker_threads`` and legacy code paths.
- area: runtime
  change: |
    Removed runtime flag ``envoy.reloadable_features.reject_invalid_yaml`` and legacy code paths.
- area: dns
  change: |
    Removed runtime flag ``envoy.reloadable_features.dns_details`` and legacy code paths.
- area: local_ratelimit
  change: |
    Removed runtime guard ``envoy.reloadable_features.no_timer_based_rate_limit_token_bucket`` and legacy code paths.
new_features:
- area: dfp
  change: |
    The DFP cluster will now use the async lookup path to do DNS resolutions for null hosts. This behavioral change
    can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.dfp_cluster_resolves_hosts``
    to false.
- area: oauth2
  change: |
    Add the option to specify SameSite cookie attribute values for oauth2 supported cookies.
    To specify the ``SameSite`` attribute, choose one of the values from ``strict``, ``lax`` or ``none``. If not specified,
    a default value of ``disabled`` will be assigned and there will be no ``SameSite`` value in the cookie attribute. See
    :ref:`apply_on_stream_done <envoy_v3_api_field_extensions.filters.http.oauth2.v3.OAuth2Config.cookie_configs>`
    for more details.
- area: spiffe
  change: |
    Added :ref:`trust_bundles
    <envoy_v3_api_field_extensions.transport_sockets.tls.v3.SPIFFECertValidatorConfig.trust_bundles>`
    to the SPIFFE certificate validator configuration. This field allows specifying a SPIFFE trust
    bundle mapping as a ``DataSource``. If both ``trust_bundles`` and ``trust_domains`` are specified,
    ``trust_bundles`` takes precedence.
- area: resource_monitors
  change: |
    Added support to monitor container CPU utilization in Linux K8s environment using
    :ref:`existing extension <envoy_v3_api_msg_extensions.resource_monitors.cpu_utilization.v3.CpuUtilizationConfig>`.
- area: lua
  change: |
    Added :ref:`virtualClusterName() <config_http_filters_lua_stream_info_virtual_cluster_name>` API to the Stream Info
    Object to get the name of the virtual cluster matched.
- area: tap
  change: |
    Added a UDP extension for tap custom sink.
- area: udp_proxy
  change: |
    Added support for outlier detection in UDP proxy. This change can be temporarily reverted by setting runtime guard
    ``envoy.reloadable_features.enable_udp_proxy_outlier_detection`` to ``false``.
- area: http
  change: |
    Added alpha support for asynchronous load balancing. See
    :ref:`load balancing policies overview <arch_overview_load_balancing_policies>` for more details. Support can
    be temporarily reverted by setting runtime guard ``envoy.reloadable_features.async_host_selection`` to ``false``.
- area: ext_proc
  change: |
    Added support for a new body mode: ``FULL_DUPLEX_STREAMED`` in the ``ext_proc`` filter
    :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`.
- area: proxy_protocol
  change: |
    Added support for injecting custom Type-Length-Value (TLV) entries into the Proxy Protocol v2 header for upstream
    transport sockets. Custom TLVs can be defined both in the endpoint host's typed metadata under the
    ``envoy.transport_sockets.proxy_protocol`` namespace and at the configuration level via the ``ProxyProtocolConfig``'s
    ``added_tlvs`` field. Host-level TLV definitions override config-level entries when the same type is specified, allowing
    default TLVs to be set globally, while enabling further per-endpoint customizations.
- area: formatter
  change: |
    Added ``QUERY_PARAM`` support for substitution formatter. See :ref:`access log formatter <config_access_log_format>`
    for more details.
- area: http
  change: |
    Added :ref:`max_metadata_size <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.max_metadata_size>` to make
    HTTP/2 metadata limits configurable.
- area: tcp_proxy
  change: |
    Added support for :ref:`backoff_options <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.backoff_options>`
    to configure the backoff strategy for TCP proxy retries.
- area: redis
  change: |
    Added support for multi-key commands on transactions.
- area: dfp
  change: |
    Added a feature to disable DNS refresh on failure by setting :ref:`disable_dns_refresh_on_failure
    <envoy_v3_api_field_extensions.common.dynamic_forward_proxy.v3.DnsCacheConfig.disable_dns_refresh_on_failure>` to
    ``true``. By enabling this feature, the failed hosts will now be treated as a cache miss.
- area: xds
  change: |
    Report ``locality_stats`` to the LRS server when ``rq_issued > 0``. This can be disabled by setting runtime guard
    ``envoy.reloadable_features.report_load_with_rq_issued`` to ``false``.
- area: local_rate_limit
  change: |
    Added support for dynamic token buckets in local rate limit filter for HTTP requests.
- area: attributes
  change: |
    Added :ref:`attribute <arch_overview_attributes>` ``upstream.locality`` to obtain upstream locality information.
- area: dynamic_modules
  change: |
    Added initial support for shared libraries to be loaded by Envoy at runtime. Please refer to the overview documentation for the
    feature :ref:`here <arch_overview_dynamic_modules>`.
deprecated: